SB doesn't remove "Somoto.BetterInstaller"

Adriano Cruz · Oct 3, 2013

Spybot has found "Somoto.BetterInstaller" malware in my PC. Then, after it has been fixed by SB, it is detected in the next scan again.
I would like to know how to remove definitely this threat from my PC.
The software from Somoto is already uninstalled but this malware is identified as a registry key type by SB.

Robybel · Oct 3, 2013

Hi and Welcome!! Adriano Cruz

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!!

==============================

Scan with OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.

=============================== Next =======================================

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

On your next reply please post :

OTL.txt

Extras.txt

aswMBR log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

Adriano Cruz · Oct 4, 2013

OTL.txt

Hi Robybel!

I appreciate your help and attention!!!!

Below is the archive OTL.txt. In future posts, I will send the others archives.

OTL logfile created on: 04/10/2013 16:54:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS

Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Arquivos de Programas\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe ()
PRC - C:\Arquivos de Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPService.exe (Abine Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
PRC - C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (No Company Name) ==========

MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll ()
MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll ()
MOD - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
MOD - C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPButton.dll ()
MOD - C:\Arquivos de Programas\IZArc\IZArcCM.dll ()

========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (vToolbarUpdater17.0.12) -- C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
SRV - (AVGIDSAgent) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Arquivos de Programas\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (TVICHW32) -- File not found
DRV - (BootDefragDriver) -- System32\drivers\BootDefragDriver.sys File not found
DRV - (NdisrdMP) -- C:\Windows\System32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
DRV - (Ndisrd) -- C:\Windows\System32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (GbpKm) -- C:\Windows\System32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {96E5BEB0-9B21-4A0F-9ACE-870255201492}
IE - HKLM\..\SearchScopes\{96E5BEB0-9B21-4A0F-9ACE-870255201492}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://positivo.br.msn.comhttp:// [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 0F 96 0A CD A2 CA 01 [binary data]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes,DefaultScope = {4869887B-18B6-4360-A362-D83D7786FC3A}
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes\{4869887B-18B6-4360-A362-D83D7786FC3A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&pr=fr&d=2013-05-14 14:58:13&pid=avg&sg=0&v=15.3.0.11&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013/10/02 15:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/09/09 15:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]

[2010/01/31 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Extensions
[2013/09/29 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions
[2013/05/28 20:13:13 | 000,000,000 | ---D | M] (Guardiao Itau Unibanco) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2013/07/12 15:33:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\donottrackplus@abine.com
[2013/09/27 15:35:12 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\idme@abine.com
[2013/07/23 19:25:34 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013/07/30 21:03:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/10/01 14:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/10/01 14:35:57 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/09 15:45:56 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\ANAEANO\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
[2013/02/12 01:33:44 | 001,904,472 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2013/05/20 21:40:17 | 000,003,717 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2013/10/03 15:20:13 | 000,449,438 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15429 more lines...
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (Do Not Track Me) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Arquivos de Programas\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDFPrint] C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Do Not Track Me (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EB143E-8F5A-41A7-B3A9-2827929C5192}: DhcpNameServer = 200.204.0.10 200.204.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de Programas\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/02 21:49:08 | 000,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/04 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\aswMBR
[2013/10/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
[2013/10/01 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/29 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\anaeano\dwhelper
[2013/09/29 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\anaeano\Local Settings
[2013/09/26 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/26 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/26 12:02:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/26 12:02:39 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/25 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/25 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/25 17:31:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/09/25 17:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/23 20:21:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/09/20 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\anaeano\AppData\Roaming\vlc
[2013/09/13 21:28:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 21:28:20 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 21:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 21:28:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 21:28:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 21:28:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 21:28:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/13 21:28:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 21:28:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 13:54:56 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/13 13:54:55 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/13 13:54:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/13 13:54:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/13 13:54:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 13:54:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 13:54:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 13:54:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 13:54:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 13:54:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

========== Files - Modified Within 30 Days ==========

[2013/10/04 16:33:14 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 16:22:31 | 000,673,162 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/10/04 16:22:31 | 000,624,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/04 16:22:31 | 000,131,290 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/10/04 16:22:31 | 000,109,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/04 16:22:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/04 10:33:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 10:33:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 10:25:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/10/04 10:25:27 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/10/04 10:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 10:25:16 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/03 15:20:13 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/03 14:54:04 | 000,102,682 | ---- | M] () -- C:\Users\anaeano\Desktop\Sanessol201309.pdf
[2013/10/02 15:39:55 | 000,003,729 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/09/30 09:44:54 | 000,368,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/27 16:11:15 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131003-152013.backup
[2013/09/26 12:02:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/26 12:02:30 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/09/26 12:02:30 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/09/26 12:02:30 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/25 18:01:09 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130927-161115.backup
[2013/09/20 16:33:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/20 16:33:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/16 19:31:21 | 000,012,288 | ---- | M] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

========== Files Created - No Company Name ==========

[2013/10/03 14:54:40 | 000,102,682 | ---- | C] () -- C:\Users\anaeano\Desktop\Sanessol201309.pdf
[2013/09/30 09:44:37 | 000,368,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/25 17:31:50 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/10 16:35:18 | 000,720,082 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.exe
[2013/06/26 19:43:41 | 000,003,729 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/25 22:06:50 | 000,029,020 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.dat
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.jpg
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.C
[2013/03/29 18:31:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2011/07/18 07:02:51 | 000,000,000 | ---- | C] () -- C:\Users\anaeano\AppData\Local\{1AE04D38-2B6D-464E-AEBE-CE14B7E98C7D}
[2011/03/12 16:20:14 | 000,012,288 | ---- | C] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 21:51:19 | 000,000,600 | ---- | C] () -- C:\Users\anaeano\PUTTY.RND
[2010/03/26 13:27:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/31 21:30:24 | 000,007,597 | ---- | C] () -- C:\Users\anaeano\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/04 16:03:46 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\Autodesk
[2012/12/20 10:16:17 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\AVG2013
[2013/10/01 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\DiskDefrag
[2013/07/07 21:11:34 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\GlarySoft
[2010/05/09 21:38:10 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\Hide IP NG
[2013/07/06 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\IrfanView
[2012/12/20 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\TuneUp Software
[2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Usuário Padrão\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 02:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 09:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200AAJS-00B4A0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Multi Flash Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Seagate FreeAgent Go USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10,00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 288,00GB
Starting Offset: 10486808576
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 233,00GB
Starting Offset: 32256
Hidden sectors: 0

========== Alternate Data Streams ==========

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:19C2A9A4_Bb.gbp
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >

Adriano Cruz · Oct 4, 2013

Extras.txt

OTL Extras logfile created on: 04/10/2013 16:54:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS

Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E8031-7144-46A4-B049-AB3B3FDC3CFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{04A9D2B6-C854-4B07-9883-6DE9BB6AAB26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1126F98D-0964-482B-97E9-7F3C401C7DC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{15AD5EFC-EFB6-4D40-83F0-3D99E1A44A82}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CA10901-46BB-49E0-B8A4-86B8CB7A0EC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{746A0C57-0C83-4D67-B11C-7A86694C4785}" = lport=138 | protocol=17 | dir=in | app=system |
"{8471C675-6DC8-4AA5-A416-501B8A741486}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E012FD6-DC6B-4D25-AB44-57029A62C8A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EE2C044-2AD6-4019-93A6-08D0B79D99D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE96FB60-8FCE-4D0B-A356-D884DD4FDFA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE75854B-B99A-4D55-B3A6-C781EB156C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C14D3FCD-E7F2-4253-83BA-0A57373E5A52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA8BA78E-AA3A-4A1E-9534-9DCC02C98F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCEB6C29-D344-46CA-A0EC-66D18652E722}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDC8757C-5B69-4B57-8600-281274B3FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCBEA455-58C3-41BC-8B53-8C9797937ABC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC1207-CDEB-46F0-9E10-AF556C2E60F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1728057D-4C61-4E9F-A259-0A809CAB0A3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{1C8DFE47-8A42-4FFF-AEAF-7F9374CAADDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25BA88ED-995E-4034-9E73-14C50C9F5C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{27DCA6D6-7D07-4956-B21E-33ED3CA9C295}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{347E3C2C-9995-4541-A5C7-5A0E830990AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{355C16FA-7BA7-42DA-A1E8-1D8DD4B82A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4190BE0A-68D2-45C0-8A03-4F03D2A17CB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{43F20C69-B04A-47A2-BA22-CFDC8F8515F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49C031E9-89C7-4C66-AB86-3D7755763E5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{64825EA7-6ADE-4B88-9B4B-4ABA8F268696}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{68448CBC-3D7C-473C-9119-D919E10D3624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89AA7339-F6F0-4DC0-BFAC-798B85EA6C3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98DE85DB-B481-452D-864E-47028D0A9FB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{AE8C3F42-994D-47F2-9CE0-C02AD814279E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BC9A260A-887A-4D38-AA5F-7194F719C267}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{BCA2B3A9-8050-4E02-94EB-00A0AD58D2C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CB66A313-251B-4315-A202-46A1660FE26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE8F6EF6-5872-4D1F-8143-5105DD1CBBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DD6FD93E-94F9-4585-A1AA-25A8DE148CBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{DD8414ED-3FEE-4314-9055-A5DACB3D12FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E18D9D3B-67AE-4400-A719-26BE64A29928}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{E338D381-D763-4CB7-8ED2-9D9996423FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ED0DC637-B8AE-4C3B-8369-574BAD74FE68}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"TCP Query User{10CEAFE8-652E-4B3A-8DC8-B929CC06FED0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{56095BFA-9EDD-4741-A187-34CA9B851705}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EC243B45-7D2C-43F8-B988-74487D13BAAA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F4F02E18-43B5-4CBA-B0DF-01BFE10F4408}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5B86A2B9-BFC0-4B6C-92BC-2CBBEED432D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9C347BD5-AD13-4294-983F-298F8AAAAAB0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{CF28B3A2-0D24-40CA-A63E-9D9DDA21DB9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D194D660-96A3-41E9-BE59-46901FF60814}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"MEPOR" = DIC Michaelis Escolar - Espanhol
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b0e7647ff8fae74" = IBA Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/12/2012 16:21:02 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 16/12/2012 17:00:16 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
Description =

Error - 16/12/2012 17:55:18 | Computer Name = anaeano-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567,
carimbo de hora: 0x4d6727a7 Nome do módulo de falhas: MSONSEXT.DLL, versão: 10.145.7329.0,
carimbo de hora: 0x4019138d Código de exceção: 0xc0000005 Deslocamento com falha:
0x0004f8b5 Identificação do processo com falha: 0xd98 Hora de início do aplicativo
com falha: 0x01cddbd65c39c207 Caminho do aplicativo com falha: C:\Windows\Explorer.exe
FCaminho
do módulo de falhas: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL Identificação
do Relatório: 473b17eb-47cb-11e2-b69c-002618ab3c41

Error - 17/12/2012 16:07:30 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 18/12/2012 16:39:12 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 19/12/2012 16:36:59 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 20/12/2012 10:35:20 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 21/12/2012 11:11:57 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 22/12/2012 15:41:40 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 24/12/2012 13:05:34 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
Description =

[ System Events ]
Error - 02/10/2013 18:17:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt

Error - 02/10/2013 18:17:59 | Computer Name = anaeano-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = O serviço Auxiliar de Compatibilidade de Programas não pôde executar
a inicialização da fase dois.

Error - 02/10/2013 20:37:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5

Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.

Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053

Error - 03/10/2013 13:45:33 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt

Error - 03/10/2013 20:04:40 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5

Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.

Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053

Error - 04/10/2013 09:26:08 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt

< End of report >

Adriano Cruz · Oct 4, 2013

aswMBR.log and MBR.dat (zipped)

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-04 17:37:47
-----------------------------
17:37:47.077 OS Version: Windows 6.1.7601 Service Pack 1
17:37:47.077 Number of processors: 2 586 0x170A
17:37:47.079 ComputerName: ANAEANO-PC UserName: anaeano
17:37:47.763 Initialize success
17:52:24.522 AVAST engine defs: 13100401
17:52:33.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:52:33.704 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
17:52:33.810 Disk 0 MBR read successfully
17:52:33.815 Disk 0 MBR scan
17:52:33.828 Disk 0 Windows 7 default MBR code
17:52:33.834 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048
17:52:33.861 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295243 MB offset 20482048
17:52:33.877 Disk 0 scanning sectors +625139712
17:52:33.966 Disk 0 scanning C:\Windows\system32\drivers
17:52:50.178 Service scanning
17:52:58.163 Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32
17:53:20.384 Modules scanning
17:53:25.358 Disk 0 trace - called modules:
17:53:25.376 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
17:53:25.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a32030]
17:53:25.386 3 CLASSPNP.SYS[88fb159e] -> nt!IofCallDriver -> [0x8595a7e0]
17:53:25.391 5 ACPI.sys[88aab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8594d338]
17:53:26.206 AVAST engine scan C:\Windows
17:53:29.549 AVAST engine scan C:\Windows\system32
17:59:27.509 AVAST engine scan C:\Windows\system32\drivers
17:59:52.500 AVAST engine scan C:\Users\anaeano
18:03:28.212 AVAST engine scan C:\ProgramData
18:04:40.973 Scan finished successfully
18:20:40.404 Disk 0 MBR has been saved successfully to "C:\Program Files\aswMBR\MBR.dat"
18:20:40.411 The log file has been saved successfully to "C:\Program Files\aswMBR\aswMBR.txt"

Robybel · Oct 5, 2013

Hi Adriano Cruz

Good job

Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Next

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next

Download RogueKiller and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
Next click on the ShortcutsFix
another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :

checkup.txt

AdwCleaner[R0].txt

JRT.txt

All RKreport.txt

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

Adriano Cruz · Oct 7, 2013

checkup.txt

Robybell,

Here goes the requested files.

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java 7 Update 40
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Adriano Cruz · Oct 7, 2013

AdwCleaner[R0].txt

I didn't click on the cleaning\delete button after the scan.

The softwares configurations I would like to keep is:
- AVG
- Internet Explorer
- Mozilla Firefox

# AdwCleaner v3.006 - Relatório criado 07/10/2013 às 16:27:37
# Atualizado 01/10/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : anaeano - ANAEANO-PC
# Executando de : C:\Program Files\Adwcleaner\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Pasta Encontrado C:\Program Files\AVG Secure Search
Pasta Encontrado C:\Program Files\Common Files\AVG Secure Search
Pasta Encontrado C:\ProgramData\AVG Secure Search
Pasta Encontrado C:\ProgramData\boost_interprocess
Pasta Encontrado C:\Users\anaeano\AppData\Local\AVG Secure Search
Pasta Encontrado C:\Users\anaeano\AppData\LocalLow\AVG Secure Search
Pasta Encontrado C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\jetpack

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AVG Secure Search
Chave Encontrada : HKCU\Software\BI
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\YahooPartnerToolbar
Chave Encontrada : HKLM\Software\AVG Secure Search
Chave Encontrada : HKLM\Software\AVG Security Toolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Encontrada : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Encontrada : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Encontrada : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (pt-BR)

[ Arquivo : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\prefs.js ]

Linha encontrada : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.0.14");
Linha encontrada : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&pr=fr[...]

*************************

AdwCleaner[R0].txt - [7196 octets] - [07/10/2013 16:27:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7256 octets] ##########

Adriano Cruz · Oct 7, 2013

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Starter x86
Ran by anaeano on 07/10/2013 at 16:35:40,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{031559F6-88B1-46FA-83A8-9901AE84933C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{03A8C0D7-3246-4186-89F9-7CB4B87962D0}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{04D7AFA4-DAD8-48EB-BE3C-52A12DB15875}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{12329A2A-05E4-44D3-A005-BD1F41B517B0}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{18054F79-DEE3-42E3-9102-727959DA0558}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{18D02EC4-FD7E-4B52-B742-FA93C86A7200}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{1DF0D558-3CDE-471F-9DA3-9C685500C2F8}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{1FE87E6A-99E5-4BAC-8ABE-477A38F377E8}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{2D19DBFC-F96D-46E7-BC82-B3C75E78BBD7}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{303BD25C-51D0-4714-8E5F-05252979B473}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{30DCC627-19E0-4593-940C-7A68667A9C9A}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{32C1BA2B-E6E8-4681-B81D-53325B331040}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{39FE50C8-74F1-42C7-ABB7-1C6060235DE0}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{53B372C2-962B-432D-8C4A-89AA393C9455}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{554A827C-12D7-457D-91C7-D52DEB0CDC2A}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{5A51A726-12E1-4496-8AC2-73CADF5E315D}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{5BCE3297-D65B-4D2B-ADBD-AB8E8D346F0C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{60CBEB59-D43E-4E64-B5FF-44B0E6CF3572}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{654F156A-EFE5-460F-8C8B-E51F2CA22CB3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{65F0103B-4352-492F-AEF8-18001E08E9C1}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6ABA4C57-0DE3-410E-9EE9-8089643CA6BB}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6AEC1C52-C729-41B6-B164-6A88AA3778F3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6DC649FB-91A6-4964-9AF2-8FF11D2FC323}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{788E8F0F-14D0-4330-83AB-50AD4B758645}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{7D03AC96-11D3-4D3E-9E1C-9B7BF890F14A}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8561B2B7-C0B2-48B1-8C37-6AF83BF7505F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8696A651-6D39-46C9-BE9C-BF7F2BCD3DD2}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8F994AAC-E2F6-4F0C-BE31-6EE2D43B9A74}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8FF34E29-732F-482A-AD3A-459F9CD12065}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{907F07C6-B720-4FEA-A12B-AC1E94B6B39F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{91DE90D0-5FD6-4A6B-ADD7-BDB7429794C6}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{A9FC49CB-B88A-440C-ACBA-91AC3994B00C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{BD2B4D78-F098-4EBC-B9B1-BF289775CF74}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{C14999AF-D8A2-4B98-9BCE-A29E138DC6F3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{C6A3A253-7FFC-435F-8145-9253EAEF55E9}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CDE37E5F-D09D-444B-9FD5-BD9503200E5D}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CF8687CB-BFC1-41C2-9540-BC83C35A492C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CFD46C27-5419-4834-A55A-20EFF49EA39D}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{D6D95AE4-1663-45E3-A1F5-9F57B07A0C65}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DA9482D1-C580-4F9B-B087-20C484336043}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DCA8DE6B-C842-45C5-940C-669B753A3AA8}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DE4CB351-22CC-4EBC-84A1-EFDA0044FDB3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E3D34EAF-5525-4B40-AF6F-5185B6A64847}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E64CB22B-716A-49A0-9030-FA35F288414F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E8AFA693-A12A-450F-BB01-E464E1A2118F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{EDD9F07C-18AD-4B15-8D6F-643865BF4BBF}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{F7BFC302-04CA-4C9D-8779-46CE88B6485E}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{F9383060-5475-4F05-9487-9E8DE4CFE778}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{FF204A29-A7AA-41B2-AFBF-DD3365360E1A}

~~~ FireFox

Successfully deleted the following from C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\prefs.js

user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34
Emptied folder: C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\minidumps [36 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2013 at 16:37:19,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adriano Cruz · Oct 7, 2013

RKreport[0]_D_10072013_165239

RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Remover -- Data : 10/07/2013 16:52:39
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETADO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ As tarefas agendadas : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETADO
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤
[Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFF3F8A75)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@ScrollViewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8576)
[Inline] EAT @explorer.exe (RegCreateKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759240FE)
[Inline] EAT @explorer.exe (RegEnumKeyW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592445B)
[Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592468D)
[Inline] EAT @explorer.exe (RegQueryValueExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759246AD)
[Inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7513DF8D)

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] a3c0de2d82b0627ed1d91fd1074efef4
[BSP] 081e1d9b6ef823f10f987314a2fbb8ab : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 295243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[0]_D_10072013_165239.txt >>
RKreport[0]_S_10072013_165157.txt

Adriano Cruz · Oct 7, 2013

RKreport[0]_SC_10072013_165315

RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Atalhos HJfix -- Data : 10/07/2013 16:53:15
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Atributos de arquivos restaurados: ¤¤¤
Área de trabalho: Success 0 / Fail 0
Barra de inicialização rapida: Success 0 / Fail 0
Programas: Success 0 / Fail 0
Menu Iniciar: Success 0 / Fail 0
Pasta do Usuario: Success 10 / Fail 0
Meus Documentos: Success 1 / Fail 1
Meus Favoritos: Success 0 / Fail 0
Minhas Imagens: Success 0 / Fail 0
Minhas Musicas: Success 0 / Fail 0
Meus Videos: Success 0 / Fail 0
Unidade Local: Success 11 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x2 --> Restored

¤¤¤ Infecção : ¤¤¤

Concluido : << RKreport[0]_SC_10072013_165315.txt >>
RKreport[0]_D_10072013_165239.txt;RKreport[0]_S_10072013_165157.txt

Adriano Cruz · Oct 7, 2013

Doubt and next steps

Robybell,

What are host archives? I don't remember I have used anyone of that links listed by OTL and JRT...

I wait your instructions for the next steps.

Adriano.

Adriano Cruz · Oct 7, 2013

RKreport[0]_S_10072013_165157 (missing file..)

RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Verificar -- Data : 10/07/2013 16:51:57
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 5 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> ENCONTRADO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ENCONTRADO
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ENCONTRADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤
[Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFF3F8A75)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@ScrollViewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8576)
[Inline] EAT @explorer.exe (RegCreateKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759240FE)
[Inline] EAT @explorer.exe (RegEnumKeyW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592445B)
[Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592468D)
[Inline] EAT @explorer.exe (RegQueryValueExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759246AD)
[Inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7513DF8D)

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] a3c0de2d82b0627ed1d91fd1074efef4
[BSP] 081e1d9b6ef823f10f987314a2fbb8ab : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 295243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[0]_S_10072013_165157.txt >>

Adriano Cruz · Oct 8, 2013

Robybell,

Do not bother replying my question about host file.
I did a research and found out what it is.

My AVG detected RK as a threat and it was needed to deactived AVG to run RK properly.

About the dates RK transfers by itself to the its software owner, may I stay peaceful?

Dakeyras · Oct 8, 2013

Hi.

Robybel is currently unavailable and I will be assisting you for the time being...

Please acknowledge this post and then we will go from there, thank you.

Adriano Cruz · Oct 8, 2013

acknowledge

Hi Dakeyras!

We can go on!

Dakeyras · Oct 8, 2013

Hi.

We can go on!

Acknowledged.

Going back to some questions you raised...

My AVG detected RK as a threat and it was needed to deactived AVG to run RK properly.

Not a problem and at times any security software you have installed(in this case AVG 2013) may give warnings for some of the tools you may be asked to download/use. Be assured, any advised are absolutely safe to download etc...

About the dates RK transfers by itself to the its software owner, may I stay peaceful?

Yes you can, lets proceed as follows shall we...

Re-scan with AdwCleaner:

Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Re-scan with OTL:

Right-click on OTL.exe and select Run as Administrator to start OTL.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Then click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered ?
AdwCleaner Log.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Adriano Cruz · Oct 9, 2013

AdwCleaner[S0]

# AdwCleaner v3.007 - Relatório criado 09/10/2013 às 11:19:23
# Atualizado 09/10/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : anaeano - ANAEANO-PC
# Executando de : C:\AdwCleaner\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\AVG Secure Search
Pasta Deletada : C:\Program Files\AVG Secure Search
Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
Pasta Deletada : C:\Users\anaeano\AppData\Local\AVG Secure Search
Pasta Deletada : C:\Users\anaeano\AppData\LocalLow\AVG Secure Search
Pasta Deletada : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\jetpack
Arquivo Deletada : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Atalhos ] *****

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Chave Deletedo : HKCU\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\AVG Security Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (pt-BR)

[ Arquivo : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\prefs.js ]

Linha deletada : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.0.14");

*************************

AdwCleaner[R0].txt - [7336 octets] - [07/10/2013 16:27:37]
AdwCleaner[R1].txt - [4135 octets] - [09/10/2013 11:15:29]
AdwCleaner[S0].txt - [3995 octets] - [09/10/2013 11:19:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4055 octets] ##########

Adriano Cruz · Oct 9, 2013

OTL.txt

OTL logfile created on: 09/10/2013 11:35:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,34% Memory free
3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 243,98 Gb Free Space | 84,62% Space Free | Partition Type: NTFS

Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/04 16:31:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Arquivos de Programas\OTL\OTL.exe
PRC - [2013/10/01 14:35:57 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Arquivos de Programas\PDF24\pdf24.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2009/12/10 01:51:18 | 000,115,888 | ---- | M] (Oceanis) -- C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/01 14:35:56 | 003,279,768 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/10/01 14:35:57 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TVICHW32)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/02 04:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010/09/02 04:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010/03/26 16:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/11/12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{96E5BEB0-9B21-4A0F-9ACE-870255201492}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://positivo.br.msn.comhttp:// [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 0F 96 0A CD A2 CA 01 [binary data]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes\{4869887B-18B6-4360-A362-D83D7786FC3A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/09/09 15:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]

[2010/01/31 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Extensions
[2013/09/29 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions
[2013/05/28 20:13:13 | 000,000,000 | ---D | M] (Guardiao Itau Unibanco) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2013/07/12 15:33:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\donottrackplus@abine.com
[2013/09/27 15:35:12 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\idme@abine.com
[2013/07/23 19:25:34 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013/07/30 21:03:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/10/01 14:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/10/01 14:35:57 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/09 15:45:56 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\ANAEANO\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
[2013/02/12 01:33:44 | 001,904,472 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2013/10/03 15:20:13 | 000,449,438 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15429 more lines...
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Arquivos de Programas\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDFPrint] C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EB143E-8F5A-41A7-B3A9-2827929C5192}: DhcpNameServer = 200.204.0.10 200.204.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 16:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
[2013/10/07 16:35:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/07 16:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Junkware Removal Tool
[2013/10/07 16:27:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/07 16:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Security check
[2013/10/04 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\aswMBR
[2013/10/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
[2013/10/01 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/29 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\anaeano\dwhelper
[2013/09/29 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\anaeano\Local Settings
[2013/09/26 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/26 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/26 12:02:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/26 12:02:39 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/25 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/25 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/25 17:31:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/09/25 17:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/23 20:21:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/09/20 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\anaeano\AppData\Roaming\vlc
[2013/09/13 21:28:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 21:28:20 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 21:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 21:28:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 21:28:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 21:28:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 21:28:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/13 21:28:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 21:28:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 13:54:56 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/13 13:54:55 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/13 13:54:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/13 13:54:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/13 13:54:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 13:54:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 13:54:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 13:54:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 13:54:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 13:54:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys

========== Files - Modified Within 30 Days ==========

[2013/10/09 11:29:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 11:29:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 11:27:58 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/09 11:27:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/09 11:21:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/10/09 11:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/09 11:21:23 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/08 16:51:30 | 000,076,649 | ---- | M] () -- C:\Users\anaeano\Desktop\certidão de Quitação Eleitoral- Adriano.pdf
[2013/10/04 16:22:31 | 000,673,162 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/10/04 16:22:31 | 000,624,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/04 16:22:31 | 000,131,290 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/10/04 16:22:31 | 000,109,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/03 15:20:13 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/02 15:39:55 | 000,003,729 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/09/30 09:44:54 | 000,368,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/27 16:11:15 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131003-152013.backup
[2013/09/26 12:02:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/26 12:02:30 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/09/26 12:02:30 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/09/26 12:02:30 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/25 18:01:09 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130927-161115.backup
[2013/09/20 16:33:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/20 16:33:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/16 19:31:21 | 000,012,288 | ---- | M] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys

========== Files Created - No Company Name ==========

[2013/10/08 16:51:50 | 000,076,649 | ---- | C] () -- C:\Users\anaeano\Desktop\certidão de Quitação Eleitoral- Adriano.pdf
[2013/09/30 09:44:37 | 000,368,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/25 17:31:50 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/10 16:35:18 | 000,720,082 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.exe
[2013/06/26 19:43:41 | 000,003,729 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/25 22:06:50 | 000,029,020 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.dat
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.jpg
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.C
[2013/03/29 18:31:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2011/07/18 07:02:51 | 000,000,000 | ---- | C] () -- C:\Users\anaeano\AppData\Local\{1AE04D38-2B6D-464E-AEBE-CE14B7E98C7D}
[2011/03/12 16:20:14 | 000,012,288 | ---- | C] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 21:51:19 | 000,000,600 | ---- | C] () -- C:\Users\anaeano\PUTTY.RND
[2010/03/26 13:27:02 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/31 21:30:24 | 000,007,597 | ---- | C] () -- C:\Users\anaeano\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:19C2A9A4_Bb.gbp
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Adriano Cruz · Oct 9, 2013

Extras.txt

OTL Extras logfile created on: 09/10/2013 11:35:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,34% Memory free
3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 243,98 Gb Free Space | 84,62% Space Free | Partition Type: NTFS

Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E8031-7144-46A4-B049-AB3B3FDC3CFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{04A9D2B6-C854-4B07-9883-6DE9BB6AAB26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1126F98D-0964-482B-97E9-7F3C401C7DC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{15AD5EFC-EFB6-4D40-83F0-3D99E1A44A82}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CA10901-46BB-49E0-B8A4-86B8CB7A0EC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{746A0C57-0C83-4D67-B11C-7A86694C4785}" = lport=138 | protocol=17 | dir=in | app=system |
"{8471C675-6DC8-4AA5-A416-501B8A741486}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E012FD6-DC6B-4D25-AB44-57029A62C8A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EE2C044-2AD6-4019-93A6-08D0B79D99D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE96FB60-8FCE-4D0B-A356-D884DD4FDFA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE75854B-B99A-4D55-B3A6-C781EB156C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C14D3FCD-E7F2-4253-83BA-0A57373E5A52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA8BA78E-AA3A-4A1E-9534-9DCC02C98F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCEB6C29-D344-46CA-A0EC-66D18652E722}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDC8757C-5B69-4B57-8600-281274B3FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCBEA455-58C3-41BC-8B53-8C9797937ABC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC1207-CDEB-46F0-9E10-AF556C2E60F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1728057D-4C61-4E9F-A259-0A809CAB0A3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{1C8DFE47-8A42-4FFF-AEAF-7F9374CAADDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25BA88ED-995E-4034-9E73-14C50C9F5C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{27DCA6D6-7D07-4956-B21E-33ED3CA9C295}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{347E3C2C-9995-4541-A5C7-5A0E830990AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{355C16FA-7BA7-42DA-A1E8-1D8DD4B82A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4190BE0A-68D2-45C0-8A03-4F03D2A17CB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{43F20C69-B04A-47A2-BA22-CFDC8F8515F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49C031E9-89C7-4C66-AB86-3D7755763E5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{64825EA7-6ADE-4B88-9B4B-4ABA8F268696}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{68448CBC-3D7C-473C-9119-D919E10D3624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89AA7339-F6F0-4DC0-BFAC-798B85EA6C3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98DE85DB-B481-452D-864E-47028D0A9FB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{AE8C3F42-994D-47F2-9CE0-C02AD814279E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BC9A260A-887A-4D38-AA5F-7194F719C267}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{BCA2B3A9-8050-4E02-94EB-00A0AD58D2C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CB66A313-251B-4315-A202-46A1660FE26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE8F6EF6-5872-4D1F-8143-5105DD1CBBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DD6FD93E-94F9-4585-A1AA-25A8DE148CBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{DD8414ED-3FEE-4314-9055-A5DACB3D12FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E18D9D3B-67AE-4400-A719-26BE64A29928}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{E338D381-D763-4CB7-8ED2-9D9996423FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ED0DC637-B8AE-4C3B-8369-574BAD74FE68}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"TCP Query User{10CEAFE8-652E-4B3A-8DC8-B929CC06FED0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{56095BFA-9EDD-4741-A187-34CA9B851705}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EC243B45-7D2C-43F8-B988-74487D13BAAA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F4F02E18-43B5-4CBA-B0DF-01BFE10F4408}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5B86A2B9-BFC0-4B6C-92BC-2CBBEED432D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9C347BD5-AD13-4294-983F-298F8AAAAAB0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{CF28B3A2-0D24-40CA-A63E-9D9DDA21DB9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D194D660-96A3-41E9-BE59-46901FF60814}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"MEPOR" = DIC Michaelis Escolar - Espanhol
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b0e7647ff8fae74" = IBA Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2013 17:08:34 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

[ System Events ]
Error - 07/10/2013 20:00:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5

Error - 08/10/2013 08:54:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt

Error - 08/10/2013 21:22:02 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5

Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.

Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053

Error - 09/10/2013 10:03:50 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt

Error - 09/10/2013 10:20:24 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5

Error - 09/10/2013 10:21:54 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço vToolbarUpdater17.0.12 devido ao
seguinte erro: %%2

Error - 09/10/2013 10:21:57 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt

< End of report >

SB doesn't remove "Somoto.BetterInstaller"

New member

Malware Team: Emeritus

New member

New member

New member

Attachments

Malware Team: Emeritus

New member

New member

New member

New member

New member

New member

New member

New member

Security Expert-Emeritus

New member

Security Expert-Emeritus

New member

New member

New member